Privacy Policy

Effective Date: March 4, 2026

Lyvv Science, Inc. ("Lyvv," "we," "us," or "our") is committed to protecting your privacy and handling your personal information with care. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our personalized health supplement platform, including our website, mobile applications, and related services (collectively, the "Services").

IMPORTANT: Our Services provide personalized dietary supplement recommendations based on your genetic information, lifestyle factors, and health goals. We are not healthcare providers, and our Services are not intended to diagnose, treat, cure, or prevent any disease. Please consult with your healthcare provider before making any changes to your supplement regimen.

1. Information We Collect

1.1 Personal Information

We collect the following types of personal information:

  • Account Information: Name, email address, date of birth, shipping address, billing address, and phone number
  • Payment Information: Credit card numbers, billing address, and transaction history (processed through secure third-party payment processors)
  • Communication Data: Records of your correspondence with our customer support team

1.2 Genetic and Health Information

To provide personalized supplement recommendations, we collect and analyze:

  • Selected Genetic Markers: We extract and retain only a limited set of specific single nucleotide polymorphisms (SNPs) that are directly relevant to nutritional metabolism and supplement response (e.g., markers related to vitamin D metabolism, folate processing, or mineral absorption). The specific markers we analyze may evolve as nutritional science advances, but are always limited to those with established relevance to dietary supplement recommendations. We do not store your full genome, raw genetic data files, or any genetic information beyond the specific nutritional markers needed for our Services.
  • File Upload (Web): On our website, you may upload a genetic data file from a third-party service (such as 23andMe or AncestryDNA). We process the file to extract only the relevant nutritional markers and delete the original uploaded file after processing is complete. Only the extracted markers are retained in our systems.
  • Manual Entry (Mobile & Web): On our mobile applications and website, you may manually enter specific genetic test results for a limited number of markers relevant to our Services — no file upload is required.
  • Health and Lifestyle Information: Age, sex, weight, height, dietary preferences, exercise habits, sleep patterns, stress levels, existing health conditions, current medications and supplements, and wellness goals
  • Survey Responses: Information you provide through questionnaires about your health, lifestyle, and supplement preferences

Important — What We Store: We retain only derived nutritional markers (e.g., a marker identifier and your genotype such as "CT" or "AG") — not your raw genetic sequence data, full genome, or any data that could be used to reconstruct your genetic profile. These markers represent a negligible fraction of your genome and are limited to nutritional relevance only.

Important — Your Control: Your genetic and health information is considered highly sensitive. You can delete your genetic markers from our systems at any time through your account settings or by contacting us, and deletion is immediate and permanent. We will never sell this information to third parties for any purpose.

1.3 Automatically Collected Information

When you use our Services, we automatically collect:

  • Device Information: IP address, browser type, device type, operating system, and unique device identifiers
  • Usage Data: Pages viewed, features accessed, time spent on pages, click patterns, and search queries
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 9 for details)

2. How We Use Your Information

We use your information for the following purposes:

2.1 Personalized Recommendations

  • Analyzing your genetic data and health information to generate AI-powered supplement recommendations
  • Providing personalized nutrition insights based on your genetic predispositions and lifestyle factors
  • Continuously refining our recommendations as you provide feedback and updates

2.2 Service Delivery

  • Processing orders and facilitating product delivery
  • Managing your account and subscription preferences
  • Providing customer support and responding to inquiries
  • Sending transactional communications (order confirmations, shipping updates, account notifications)

2.3 Research and Development

  • Improving our AI algorithms and recommendation models
  • Conducting research to advance personalized nutrition science (using de-identified or aggregated data)
  • Developing new features and Services

2.4 Marketing and Communications

  • Sending promotional materials about our products and Services (only with your consent)
  • Providing educational content about nutrition, supplements, and wellness
  • Conducting surveys and requesting feedback

2.5 Legal and Security

  • Complying with legal obligations and regulatory requirements
  • Protecting against fraud, security threats, and illegal activities
  • Enforcing our Terms of Service and other policies

3. How We Share Your Information

We do NOT sell your personal information, genetic data, or health information to third parties. We may share your information only in the following limited circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who help us operate our Services:

  • Payment Processors: To process payments securely
  • Shipping Partners: To fulfill and deliver orders
  • Cloud Hosting Providers: To securely store data
  • Analytics Providers: To understand how our Services are used
  • Customer Support Tools: To provide assistance and resolve issues

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 AI-Powered Features and Third-Party AI Services

LyvvUp uses artificial intelligence for chat support, food photo analysis, and voice food logging. When enabled, the following data is sent to Anthropic PBC (Claude) for processing:

  • Chat messages you send to the AI assistant
  • Food photos for nutritional analysis
  • Voice descriptions for food logging

Health insights, wellness goals, supplement tracking, nutritional data, and activity data are processed locally on Lyvv servers. No personal health context is sent to third parties.

  • Who receives it: Anthropic PBC (Claude), our third-party AI service provider
  • How it's protected: Data is encrypted in transit and not used to train AI models. All requests are sent through Lyvv Science's secure API credentials. Your personal identity (name, email, account details) is not shared directly with the AI provider
  • You're in control: You can enable or disable AI data sharing separately for each feature (food photo analysis, voice food logging, and AI chat) at any time in Settings > Data & Privacy. You can revoke consent anytime. Disabling a feature immediately stops data from being sent to third parties for that feature

Anthropic PBC is contractually bound to protect your data and process it only as instructed by Lyvv Science. We regularly review our AI service provider to ensure they meet our data protection standards.

3.3 Research Partners

With your explicit consent, we may share de-identified and aggregated data with academic institutions or research organizations to advance scientific understanding of personalized nutrition. Individual-level genetic or health data is never shared without your separate, informed consent.

3.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoena, court order, or search warrant)
  • Government or regulatory requests
  • Protection of our rights, property, or safety, or that of our users or the public

3.5 Business Transfers

If Lyvv is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you of any such change and the choices you have regarding your information.

4. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: All genetic and health data is encrypted at rest and in transit using industry-standard encryption protocols (AES-256 and TLS 1.3)
  • Access Controls: Strict access controls ensure only authorized personnel can access sensitive information on a need-to-know basis
  • Secure Infrastructure: Data is stored in secure, SOC 2-compliant data centers with physical and digital safeguards
  • Regular Security Audits: We conduct regular security assessments and penetration testing
  • Employee Training: All employees undergo privacy and security training

While we implement robust security measures, no system is completely secure. If we become aware of a security breach affecting your information, we will notify you and appropriate authorities as required by law.

5. Your Privacy Rights and Choices

Depending on your location, you may have the following rights:

5.1 Access and Portability

You have the right to access your personal information and request a copy in a portable format. You can download your data through your account dashboard or by contacting us.

5.2 Correction

You can update your account information, health profile, and preferences at any time through your account settings.

5.3 Deletion

You have the right to delete your data at any time:

  • Genetic Marker Deletion: You can delete all your genetic markers at any time through your account settings or the app. Upon your request, we remove your genetic data from our active databases and delete any associated files from our storage systems. Our deletion process includes automated verification and fallback mechanisms to ensure complete removal — if any part of the deletion encounters an issue, secondary asynchronous processes will retry until your genetic data is fully purged.
  • Full Account Deletion: You can request complete deletion of your account and all associated data (including health profiles, genetic markers, and any uploaded files) through your account settings or by contacting us at privacy@lyvvscience.com. Account deletion triggers a comprehensive data purge across all our systems.
  • Completeness Guarantee: Our deletion process covers both database records and file storage. Any residual genetic data in system backups will be purged within 90 days of your deletion request.

Please note that we may retain certain non-genetic information as required by law (e.g., transaction records for tax compliance, retained for up to 7 years).

5.4 Opt-Out of Marketing

You can opt out of marketing emails by clicking the "unsubscribe" link in any promotional email or by updating your communication preferences in your account settings.

5.5 Genetic Data Controls

You have granular control over your genetic information:

  • Instant Deletion: Delete all your genetic markers at any time directly from your account settings — no waiting period, no approval process required.
  • Separate from Account: You can delete your genetic markers while keeping your account active for other Services (such as supplement ordering or wellness tracking).
  • Research Opt-Out: You can control whether your de-identified genetic data is included in aggregated research datasets.
  • Data Export: You can download your stored genetic markers at any time in a portable format.
  • Re-upload: If you delete your genetic data, you may re-upload or re-enter it at any time to resume personalized recommendations.

5.6 State-Specific Rights

California Residents: Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have additional rights including the right to know what personal information we collect, the right to delete, and the right to opt-out of the sale of personal information. We do not sell personal information. California residents also have the right to non-discrimination for exercising their privacy rights.

Other States: Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights. Contact us to exercise your rights.

6. HIPAA, Genetic Data Laws, and Health Information

6.1 HIPAA Status

Lyvv Science is not a "covered entity" or "business associate" as defined under the Health Insurance Portability and Accountability Act (HIPAA). We are a wellness and nutritional supplement company — we do not provide healthcare services, health insurance, or healthcare billing. As such, the information you provide to us is not subject to HIPAA protections.

Although we are not bound by HIPAA, we voluntarily implement robust privacy and security practices for all health-related information, including encryption at rest and in transit (AES-256 / TLS 1.3), strict role-based access controls, SOC 2-compliant infrastructure, and regular security assessments (see Section 4 for details).

6.2 Nature of Genetic Information We Process

It is important to understand the limited nature of the genetic information we handle:

  • We store only a small, defined set of nutritional genetic markers (specific SNP genotypes), not raw genetic sequence data or full genomic profiles.
  • These markers consist solely of single nucleotide polymorphism (SNP) identifiers paired with two-letter genotype values (e.g., "CT" or "AG") related to nutrient metabolism.
  • This data represents a negligible fraction of the human genome and cannot be used to reconstruct a genetic profile, identify familial relationships, determine ancestry, or reveal predispositions to diseases.
  • The markers we retain are limited to nutritional relevance — such as how your body metabolizes specific vitamins, minerals, and fatty acids.

6.3 Genetic Information Nondiscrimination

We do not use your genetic information for any purpose beyond providing personalized nutritional supplement recommendations and improving our Services. We will never:

  • Sell, lease, or provide your genetic information to employers, insurance companies, or any third party for non-research purposes
  • Use your genetic information for underwriting, coverage, or pricing decisions
  • Provide your genetic information to law enforcement without a valid court order or legal process
  • Use your genetic information to make any decisions regarding your eligibility for our Services

6.4 State Genetic Privacy Laws

Several U.S. states have enacted genetic privacy laws that may provide additional protections, including the federal Genetic Information Nondiscrimination Act (GINA) and state laws such as the Illinois Genetic Information Privacy Act, California CalGINA, and similar statutes. We are committed to complying with applicable genetic privacy laws and regulations. If you have questions about how your state's laws apply to your genetic information held by Lyvv, please contact us at privacy@lyvvscience.com.

7. International Privacy Rights (GDPR and Other Frameworks)

If you are located in the European Economic Area (EEA), United Kingdom (UK), Switzerland, or other jurisdictions with comprehensive data protection laws, you may have additional rights under applicable law, including the EU General Data Protection Regulation (GDPR) and the UK GDPR.

7.1 Data Controller

For the purposes of the GDPR, the data controller is Lyvv Science, Inc., a company incorporated in the State of Delaware, United States. You can contact us regarding data protection matters at privacy@lyvvscience.com.

7.2 Lawful Basis for Processing

We process your personal data on the following legal bases:

  • Consent (Article 6(1)(a)): For processing genetic markers and health data to provide personalized supplement recommendations, for marketing communications, and for research participation. You may withdraw consent at any time (see Section 7.4).
  • Contract Performance (Article 6(1)(b)): For processing necessary to fulfill orders, manage subscriptions, process payments, and deliver our Services to you.
  • Legitimate Interest (Article 6(1)(f)): For improving our Services, conducting analytics on de-identified data, preventing fraud, and ensuring security. We balance our interests against your rights in all cases.
  • Legal Obligation (Article 6(1)(c)): For retaining transaction records as required by tax and financial regulations.

7.3 Processing of Special Category Data

The nutritional genetic markers and health information we process may constitute "special category data" under GDPR Article 9. We process this data based on your explicit consent (Article 9(2)(a)), which you provide when you upload genetic data or complete health assessments through our Services. You may withdraw this consent at any time by deleting your genetic data through your account settings.

7.4 Your Rights Under GDPR

In addition to the rights described in Section 5, you may have the following rights:

  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You can withdraw consent by deleting your data, adjusting your account settings, or contacting us.
  • Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances (e.g., if you contest the accuracy of the data).
  • Right to Object: You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right Not to Be Subject to Automated Decision-Making: Our supplement recommendations are generated using automated processing, including AI-powered analysis of your nutritional markers. You have the right to request human review of any automated decisions that significantly affect you, to express your point of view, and to contest such decisions.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

7.5 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

7.6 Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all third-party service providers (sub-processors) who process personal data on our behalf, in compliance with GDPR Article 28. These agreements ensure that our sub-processors implement appropriate technical and organizational measures to protect your data.

8. Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. Specifically:

  • Account Data: Retained while your account is active and for a reasonable period thereafter
  • Genetic and Health Data: Retained until you request deletion, with backups deleted within 90 days
  • Transaction Records: Retained for 7 years to comply with tax and financial regulations
  • De-identified Research Data: May be retained for as long as necessary for research purposes, as it has been irreversibly de-identified and cannot be linked back to you

9. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Enable core functionality like user authentication and security
  • Analytics Cookies: Understand how users interact with our Services
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Deliver relevant advertisements (with your consent)

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality of our Services.

10. Children's Privacy

Our Services are not intended for individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13 without parental consent, we will take steps to delete that information promptly.

11. International Data Transfers

Our Services are operated from the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

11.1 Genetic Marker Data and Cross-Border Transfers

We understand that many jurisdictions have enacted laws restricting the cross-border transfer of genetic data. We want to clarify the nature of data involved:

  • The genetic information we process and store consists exclusively of a limited set of derived nutritional markers — not raw genetic sequences, full genome data, or comprehensive genetic profiles.
  • These markers are isolated data points (individual SNP genotypes) that relate solely to nutrient metabolism and cannot be used to identify individuals, determine ancestry, establish family relationships, or assess disease predispositions.
  • On our website, if you upload a genetic data file, all processing occurs within our secure U.S.-based infrastructure. The original file is deleted after processing; only the derived nutritional markers are retained.
  • On our mobile applications, we offer manual entry only — you enter a limited number of specific genetic markers directly, with no file upload or transfer of raw genetic data involved.
  • Users may delete all their genetic data at any time. Our deletion process removes data from both our databases and file storage systems, with automated fallback mechanisms to guarantee complete removal.

11.2 Safeguards for International Transfers

Where personal information is transferred from jurisdictions with data transfer restrictions (such as the European Economic Area, United Kingdom, or Switzerland), we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors that handle personal data
  • Technical measures including encryption, pseudonymization, and access controls
  • Regular assessments of the legal framework in recipient countries

11.3 Your Choices

If you are located outside the United States and do not wish your data to be transferred internationally, you may choose not to use our Services, or you may contact us at privacy@lyvvscience.com to discuss available options. You may also delete your genetic markers and account data at any time (see Section 5).

12. Third-Party Links

Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a prominent notice on our Services. The "Effective Date" at the top of this policy indicates when it was last updated.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please Contact Us.
